Security Vulnerabilities
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-07-09
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-09
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-09
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-09
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
CVSS Score
8.2
EPSS Score
0.071
Published
2025-07-09
Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-09
In ConnectWise PSA versions older than 2025.9, a
vulnerability exists where authenticated users could gain access to sensitive
user information. Specific API requests were found to return an overly verbose
user object, which included encrypted password hashes for other users.
Authenticated users could then retrieve these hashes.
An
attacker or privileged user could then use these exposed hashes to conduct
offline brute-force or dictionary attacks. Such attacks could lead to
credential compromise, allowing unauthorized access to accounts, and
potentially privilege escalation within the system.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-09
IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-09
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present
CVSS Score
7.5
EPSS Score
0.002
Published
2025-07-09
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-09